Arash Habibi Lashkari

A Lightweight Privacy-Preserving Data Aggregation Scheme for Fog Computing-Enhanced IoT

Fog computing-enhanced Internet of Things (IoT) has recently received considerable attention, as the fog devices deployed at the network edge can not only provide low latency, location awareness but also improve real-time and quality of services in IoT application scenarios. Privacy-preserving data aggregation is one of typical fog computing applications in IoT, and many privacy-preserving data aggregation schemes have been proposed in the past years. However, most of them only support data aggregation for homogeneous IoT devices, and cannot aggregate hybrid IoT devices’ data into one in some real IoT applications. To address this challenge, in this paper, we present a lightweight privacy-preserving data aggregation scheme, called Lightweight Privacy-preserving Data Aggregation, for fog computing-enhanced IoT. The proposed LPDA is characterized by employing the homomorphic Paillier encryption, Chinese Remainder Theorem, and one-way hash chain techniques to not only aggregate hybrid IoT devices’ data into one, but also early filter injected false data at the network edge. Detailed security analysis shows LPDA is really secure and privacy-enhanced with differential privacy techniques. In addition, extensive performance evaluations are conducted, and the results indicate LPDA is really lightweight in fog computing-enhanced IoT.

Characterization of Encrypted and VPN Traffic using Time-related Features

Traffic characterization is one of the major challenges in today’s security industry. The continuous evolution and generation of new applications and services, together with the expansion of encrypted communications makes it a difficult task. Virtual Private Networks (VPNs) are an example of encrypted communication service that is becoming popular, as method for bypassing censorship as well as accessing services that are geographically locked. In this paper, we study the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories, according to the type of traffic e.g., browsing, streaming, etc. We use two different well-known machine learning techniques (C4.5 and KNN) to test the accuracy of our features. Our results show high accuracy and performance, confirming that time-related features are good classifiers for encrypted traffic characterization.

Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization.

With exponential growth in the size of computer networks and developed applications, the significant increasing of the potential damage that can be caused by launching attacks is becoming obvious. Meanwhile, Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) are one of the most important defense tools against the sophisticated and ever-growing network attacks. Due to the lack of adequate dataset, anomaly-based approaches in intrusion detection systems are suffering from accurate deployment, analysis and evaluation. There exist a number of such datasets such as DARPA98, KDD99, ISC2012, and ADFA13 that have been used by the researchers to evaluate the performance of their proposed intrusion detection and intrusion prevention approaches. Based on our study over eleven available datasets since 1998, many such datasets are out of date and unreliable to use. Some of these datasets suffer from lack of traffic diversity and volumes, some of them do not cover the variety of attacks, while others anonymized packet information and payload which cannot reflect the current trends, or they lack feature set and metadata. This paper produces a reliable dataset that contains benign and seven common attack network flows, which meets real world criteria and is publicly avaliable. Consequently, the paper evaluates the performance of a comprehensive set of network traffic features and machine learning algorithms to indicate the best set of features for detecting the certain attack categories.

Characterization of Tor Traffic using Time based Features.

Traffic classification has been the topic of many research efforts, but the quick evolution of Internet services and the pervasive use of encryption makes it an open challenge. Encryption is essential in protecting the privacy of Internet users, a key technology used in the different privacy enhancing tools that have appeared in the recent years. Tor is one of the most popular of them, it decouples the sender from the receiver by encrypting the traffic between them, and routing it through a distributed network of servers. In this paper, we present a time analysis on Tor traffic flows, captured between the client and the entry node. We define two scenarios, one to detect Tor traffic flows and the other to detect the application type: Browsing, Chat, Streaming, Mail, Voip, P2P or File Transfer. In addition, with this paper we publish the Tor labelled dataset we generated and used to test our classifiers.

An Evaluation Framework for Intrusion Detection Dataset

The growing number of security threats on the Internet and computer networks demands highly reliable security solutions. Meanwhile, Intrusion Detection (IDSs) and Intrusion Prevention Systems (IPSs) have an important role in the design and development of a robust network infrastructure that can defend computer networks by detecting and blocking a variety of attacks. Reliable benchmark datasets are critical to test and evaluate the performance of a detection system. There exist a number of such datasets, for example, DARPA98, KDD99, ISC2012, and ADFA13 that have been used by the researchers to evaluate the performance of their intrusion detection and prevention approaches. However, not enough research has focused on the evaluation and assessment of the datasets themselves. In this paper we present a comprehensive evaluation of the existing datasets using our proposed criteria, and propose an evaluation framework for IDS and IPS datasets.

CIC-AB: Online ad blocker for browsers

Online advertisements (ads) have taken over the web, nowedays most websites contain some sort of ads. While ads produce revenue for the server maintainer or to businesses, they have become intrusive and dangerous as ever. The ads use more bandwidth, show inappropriate content, and spread malware such as adware and ransomware. Although there are many products to block ads, also known as ad blockers, most depend on static filter lists that must be managed manually and frequently updated. When malicious advertisers can produce millions of new URLs within minutes, this is not the most effective method against ads. In this paper we propose our own ad blocker, CIC-AB, which uses machine learning techniques to detect new and unknown ads without needing to update a filter list. The proposed ad blocker has been developed as an extension for the common browsers (e.g. Firefox and Chrome). It classifies URLs, both HTTP and HTTPS, as: non-ad, normal-ad and malicious-ad. The analysis showed the average precision, recall and False Positive rate of CIC-AB for five classifiers namely; Naive Bayes (NB), Support Vector Machine (SVM), K-Nearest Neighbour (KNN), Random Forest (RF) and Decision Tree (DT) is 97.16%, 94.96% and 3.38% respectively.

A Lightweight Online Advertising Classification System using Lexical-based Features.

Due to the significant development of online advertising, malicious advertisements have become one of the major issues to distribute scamming information, click fraud and malware. Most of the current approaches are involved with using filtering lists for online advertisements blocking, which are not scalable and need manual maintenance. This paper presents a lightweight online advertising classification system using lexical-based features as an alternative solution. In order to imitate real-world cases, three different scenarios are generated depending on three different URL sources. Then a set of URL lexical-based features are selected from previous researches in the purpose of training and testing the proposed model. Results show that by using lexical-based features, advertising detection accuracy is about 97% in certain scenarios.

BotViz: A memory forensic-based botnet detection and visualization approach

Nowadays, there are many serious cyber security threats such as viruses, worms and trojans but without a doubt botnets are one of the largest threats. Although there are numerous ways to discover botnets and mitigate their effects, most methods have problems effecting detection, due to their evasive characteristics. Also, the majority of previous research uses only one data source (e.g. network traffic), which makes the botnet detection process very difficult over a network. This paper proposes a detection and visualization system, BotViz, to visualize botnets by using memory forensics analysis and a new domain generation algorithm detector. BotViz utilizes machine learning techniques to detect anomalous function hooking behaviors. We established a live Zeus botnet to evaluate the efficiency of the BotViz.

Detecting Malicious URLs Using Lexical Analysis

The Web has long become a major platform for online criminal activities. URLs are used as the main vehicle in this domain. To counter this issues security community focused its efforts on developing techniques for mostly blacklisting of malicious URLs. While successful in protecting users from known malicious domains, this approach only solves part of the problem. The new malicious URLs that sprang up all over the web in masses commonly get a head start in this race. Besides that Alexa ranked trusted websites may convey compromised fraudulent URLs called defacement URL. In this work, we explore a lightweight approach to detection and categorization of the malicious URLs according to their attack type. We show that lexical analysis is effective and efficient for proactive detection of these URLs. We provide the set of sufficient features necessary for accurate categorization and evaluate the accuracy of the approach on a set of over 110,000 URLs. We also study the effect of the obfuscation techniques on malicious URLs to figure out the type of obfuscation technique targeted at specific type of malicious URL.

Innovations in Communications Security

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. This special issue collects 6 papers from 15 authors belonging to different countries and institutions. It summarizes the most recent developments and ideas on emerging communications security, with particular focus on privacy preserving, key distribution scheme, and digital image watermarking. In the paper by X. Cao et al. entitled “A PrivacyPreserving Outsourcing Data Storage Scheme with Fragile Digital Watermarking-Based Data Auditing,” a privacypreserving and auditing-supporting outsourcing data storage scheme by using encryption and digital watermarking is proposedwhich combines digital watermark technologywith encryption method for outsourcing data storage. In the paper by H. Zhong et al. entitled “An Efficient Electronic English Auction System with a Secure On-Shelf Mechanism and Privacy Preserving,” a novel electronic English auction system is proposed which uses symmetrical encryptions and fewer ECC operations and improves the security and reduces the system cost. In the paper by J. N. Luo andM.H. Yang entitled “Analysis and Improvement of Key Distribution Scheme for Secure Group Communication,” a scheme to enhance the security of EGK is proposed which guarantees forward and backward secrecy, prevents message modification and forgery during rekeying, requires sender verification, and therefore prevents MITM attacks in group communication. In the paper by Y. Zolotavkin and M. Juhola entitled “A New Scalar Quantization Method for Digital Image Watermarking,” a new scalar QIM-based watermarking method is proposed which provides higher robustness under AWGN and GA compared to other quantization methods. The advantage of the method is due to the introduced procedure of recovery after GA as well as new distribution of quantized samples with IDL. In the paper by M. C. Tran and Y. Nakamura entitled “Communication Behaviour-Based Big Data Application to Classify and Detect HTTP Automated Software,” a new method is proposed to detect and classify auto-ware communication behaviour based on HTTP traffic that uses minor features in HTTP traffic and does not use any signature or content-based feature. In the paper by J. Wang and J. Liu entitled “The Comparison of Distributed P2P Trust Models Based on Quantitative Parameters in the File Downloading Scenarios,” a new method is proposed to compare and evaluate the trustmodels with quantitative parameters in P2P file downloading scene that evaluated parameters extracted from the trust related concepts and modelled into a hierarchical structure.